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Abstract. For the model of probabilistic labelled transition systems 
that allow for the co-existence of nondeterminism and probabilities, we 
present two notions of bisimulation metrics: one is state-based and the 
other is distribution-based. We provide a sound and complete modal 
characterisation for each of them, using real-valued modal logics based 
on the Hennessy-Milner logic. The logic for characterising the state-based 
metric is much simpler than an earlier logic by Desharnais et al. as it 
uses only two non-expansive operators rather than the general class of 
non-expansive operators. 
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1 Introduction 

Bisimulation is an important proof technique for establishing behavioural equiv¬ 
alences of concurrent systems. In probabilistic concurrency theory, there are 
roughly two kinds of bisimulations: one is state-based because it is directly de¬ 
fined over states and then lifted to distributions, and the other is distribution- 
based as it is a relation between distributions. The former is originally de¬ 
fined in |LS91j to represent a branching time semantics; the latter, as defined 
in |HKK14IIFZ14IIDFD15j , is strictly coarser and represents a linear time seman¬ 
tics. 

In correspondence with those bisimulations, there are two notions of be¬ 
havioural pseudometrics (simply called metrics). They are more robust ways of 
formalising behavioural similarity between formal systems than bisimulations 
because, particularly in the probabilistic setting, bisimulations are too sensitive 
to probabilities (a very small perturbation of the probabilities would render two 
systems non-bisimilar). A metric gives a quantitative measure of the distance be¬ 
tween two systems and distance 0 usually means that the two systems are bisim¬ 
ilar. A logical characterisation of the state-based bisimulation metric for labelled 
Markov processes is given in [DGJPQj] . For a more general model of labelled 
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concurrent Markov chains (LCMCs) that allow for the co-existence of nondeter- 
minism and probabilities, a weak bisimulation metric is proposed in [DJGPO^ . 
Its logical characterisation uses formulae like ho/, where / is a formula and 
h can be any non-expansive operator on [0,1], i.e. \h{x) — h{y)\ < \x — y\ for 
any x,y € [0,1]. A natural question then arises: instead of the general class of 
non-expansive operators, is it possible to use only a few simple non-expansive 
operators without losing the capability of characterising the bisimulation metric? 

In the current work, we give a positive answer to the above question. We work 
in the framework of probabilistic labelled transition systems (pLTSs) that are 
essentially the same as LCMCs, so the interplay of nondeterminism and proba¬ 
bilities is allowed. We provide a modal characterisation of the state-based bisim¬ 
ulation metric closely in line with the classical Hennessy-Milner logic (HML) 
|HM85j . Our variant of the HML makes use of state formulae and distribution 
formulae, which are formulae evaluated at states and distributions, respectively, 
and yield success probabilities. We use merely two non-expansive operators: 
negation (-k/j) and testing {(pQp). Negation is self-explanatory and the testing 
operator checks if a state satisfies a property with certain threshold probability. 
More precisely, if state s satisfies formula (j) with probability g, then it satisfies 
-!(/ with probability 1 — q, and satisfies (jjQp with probability q — p ii q > p and 
0 otherwise. In other words, we do not need the general classs of non-expansive 
operators because negation and testing, together with other modalities in the 
classical HML, are expressive enough to characterise bisimulation metrics. As re¬ 
gards to the characterisation of distribution-based bisimulation metric, we drop 
state formulae and use distribution formulae only. 

The rest of this paper is organised as follows. Section [5] provides some ba¬ 
sic concepts on pLTSs. Section [3] defines a two-sorted modal logic that leads to 
a sound and complete characterisation of the state-based bisimulation metric. 
Section |4] gives a similar characterisation for the distribution-based bisimula¬ 
tion metric. In Section [5] we review some related work. Finally, we conclude in 
Section [S] 

2 Preliminaries 

Let S' be a countable set. A (discrete) probability subdistribution over S is a 
function Z\ : S ^ [0,1] with ^ (full) distribution if 

J2seS = 1- Let 1^(3) denote the set of all distributions over S. A matching 
OJ £ 'D{S X S) for (A,6>) G T’(S) x 'D{S) is given if 

SsGS w(s, t) = 0{t) for all s,t G S. We denote the set of all matchings for {A, 0) 
by P(A,0). 

A metric d over space S is a distance function d : S x S ^ R>o satisfying: 
(i) d{s,t) = 0 iff s = t (isolation), (ii) d{s,t) = d{t,s) (symmetry), (iii) d{s,t) < 
d{s,u) + d{u,t) (triangle inequality), for any s,t,u G S. If we replace (i) with 
d{s, s) = 0 for all s G S, we obtain a pseudometric. In this paper we are interested 
in pseudometrics because two distinct states can still be at distance zero if their 
behaviour is similar. But for simplicity, we often use metrics for pseudometrics. 
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A metric d over S is c-bounded if d{s, t) < c for any s,t G S, where c € K.>o is 
a positive real number. 

Let d: S' x S' ^ [0,1] be a metric over S. We lift it to be a metric over 'D{S) 
by using the Kantorowich metric |KR58) K{d): V{S) x 'D{S) [0,1] defined 

via a linear programming problem as follows: 

K{d){A,0)= min V d(s,t) 

ujGf2(A,0) ^ ^ 
s,t£S 

for A,0 G T^{S). The dual of the above linear programming problem is the 
following 

max subject to 0 < Xs < 1 

Vs, t G S: Xs — Xt < d(s, t) . 

The duality theorem in linear programming guarantees that both problems have 
the same optimal value. 

Let d: X>(S) x X>(S) —>• [0,1] be a metric over 'D{S). We lift it to be a metric 
over the powerset of T>(S), written 7^(I?(S)), by using the Hausdorff metric 
H{d): 'P(V{S)) X V{V{S)) [0,1] given as follows 

Lf(d)(i7i,i72) = max{ sup inf d{A,0), sup inf d{0,A)} 
agiii 0en2 AeUi 


for all III, 112 C 'D{S), whereby inf 0 = 1 and sup0 = 0. 

Probabilistic labelled transition systems (pLTSs) generalize labelled transi¬ 
tion systems (LTSs) by allowing for probabilistic choices in the transitions. We 
consider pLTSs (or essentially simple probabilistic automata |Seg95| ) with count¬ 
able state spaces. 

Definition 1. A probabilistic labelled transition system is a triple {S,A,^), 
where S is a countable set of states, A is a countable set of actions, and the 
relation - 0 - G S x A x 'D{S) is a transition relation. 

We write s A for (s, a,A)G-0 and define der{s, a) = {Z\ ] s A} as 
the set of all a-successor distributions of s. A pLTS is image-finite if for any 
state s and action a the set der(s,a) is finite. In the current work, we focus on 
image-finite pLTSs. 


3 State-Based Bisimulation Metrics 

We consider the complete lattice ([0,1]'®^'®, C) defined hy d G d' iff d{s,t) < 
d'{s,t), for all s,t G S. For some D C [0,1]'®^'® the least upper bound is 
given by ([jD)(s,f) = sup^g^, d(s, t), and the greatest lower bound is given 
by (nil)(s,t) = infdgD (i(s, t) for all s,t G S. The bottom element 0 is the 
constant zero function 0(s, t) = 0 and the top element 1 is the constant one 
function l(s,t) = 1 for all s,t G S. 
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Definition 2. A 1-bounded metric d on S is a state-based bisimulation metric 
if for all s,t G S and e G [0,1) with d{s,t) < e, if s A then there exists some 
t A' with K{d){A, A') < e. 

The smallest (wrt. C) state-based bisimulation metric, denoted by d^b, is called 
state-based bisimilarity metric. Its kernel is the state-based bisimilarity as defined 
in [LS9n[Sei95] . 

Example 3. In this example, we calculate the distance between states s and t in 
Figure[TJ Firstly, observe that dsb(s 2 ,t 3 ) = 0 because S 2 is bisimilar to ta while 
dsb(s 3 ,t 3 ) = 1 because the two states S 3 and ta perform completely different 
actions. Secondly, let A — -I- and 0 = ^ 3 . We see that 

Kidsb){A, 0 ) = min^gr 2 (/i_ 0 ) dsbis 2 ,t 3 ) ■ ^(32,^3) + dsbis 3 ,t 3 ) ■ ^(33,^3) 

= min,^gr2(^^0) 1 • w(s2, ts) + 0 • a;(s3, fa) 

= min^gr2(^_0) 1 • i -h 0 • i 

~ 2 

It follows that d 3 f,(si,ti) = Similarly, we get d<jb(si,t 2 ) = Then it not 
difficult to see that 

K{dsb)(sT,^h-\-^h) = d,b(si,ti) ■ i-I-d,b(si,t2) ■ ^ ^ 

from which we finally obtain dsb{s,t) = ^. □ 

The above coinductively defined bisimilarity metric can be reformulated as 
a fixed point of a monotone functor. Let us define the functor F: [0, —>■ 

[0,for d: S' x S' —)■ [0,1] and s,t G S hy 

F{d){s, t) = svip{H{K{d)){der{s, a), der{t, a))} . 

a^A 

It can be shown that F is monotone and its least fixed point is defined by fl di, 
where do = 0 and di+i = F{di) for all i € N. 
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Proposition 4. For image-finite pLTSs, the strong bisimilarity metric is the 
least fixed point of F. □ 

Now we proceed by defining a real-valued modal logic based on the Hennessy- 
Milner logic |HM85] . called metric HML, to characterize the bisimilarity metric. 
Our logic is motivated by [D.TGP021 Def. 4.1], [DG.TPOdl Del. 4.1] and [DTWIOI 
Sec. 4]. In the remainder of this section we confine ourselves to pLTSs with 
hnitely many states. 

Definition 5. Our metric HML is two-sorted and has the following syntax: 

(fi ::= T \ \ If Q p \ ipi A ip 2 \ {a)if 

ijj ::= if e p \ ipi A'ijj2 \ [(^9] 

with a € A and p € [0,1]. 

Let C denote the set of all metric HML formulae, (p range over the set of all state 
formulae C , and ip range over the set of all distribution formulae C . The two 
kinds of formulae are defined simultaneously. The operator (pQp tests if a state 
passes (p with probability at least p. If (?!) is a state formula then it immediately 
induces a distribution formula [(/>]. Sometimes we abbreviate {a)[(/5] as {a)(p. All 
other operators are standard and have appeared in the classical HML. 

Definition 6. A state formula p € evaluates in s € S as follows: 

ri(s) = i, 

|-.(pl(s) = 1 - I(/3l(s), 

|V5©p1(s) = max(|(^l(s)-p, 0), 

|pi A P 2 l(s) = min(|(pi](s), [p 2 l(s)), 

|(a)V'l(s) = max 

s-^A 

and a distribution formula ip G evaluates in A £ V^S) as follows: 
fipepUA) =max(|V'l(A) -p,0), 

IV'i A V'2l(4\) = mindV^iKA), |V'2l(4\)), 

IMl(A)=^A(s)M(s). 

ses 

We often use constant formulae e.g. p for any p G [0,1] with the semantics 
|p1(s) = p, which is derivable in the above logic by letting p = T © (1 - P)- 
Moreover, we write (p©p for -i((-i(p) ©p) which has the semantics |p ©p](s) = 
min(|p](s) +p, 1) = 1 — max(l — |(p](s) —p, 0). In the presence of negation and 
conjunction we can derive disjunction by letting pi V p 2 to be “'(“'Pi A “'P 2 ). 
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Semantics of (a)(/3 is a translation of [D,TGP02l Def. 4.1] from labelled concurrent 
Markov chain semantics to pLTSs. Conjunction of distribution formulae ipi A 'ip 2 
could alternatively be replaced by ijji ©p ?/;2 or ijji © ' 4’2 |Henl21 Sec. 4] with 
semantics 

IV'l ®p ' 02 l(^) = sup {p ■ + {1 - 

A=pAi + (l-p)A2 

IV’i © V'2l(4\) = sup IV^l ffip V'2l(4\) 
pe(o.i) 


The above metric HML induces two natural logical metrics djij, and on 
states and distributions respectively, by letting 


= sup,pg£s |M(s) - M(i)l 

= sup^g^D ll-ipUA) - l'ipli0)\ 


Example 1. Consider the two probabilistic systems depicted in Figure [2] We 
have the formula p = (a)'0 where ip = [(a)T] A [(&)T]) and would like to know 
the difference s and t given by p. Let 


Z\i — 0.2 • si © 0.8 * S 2 
A2 = 0.8 ■ S5 + 0.2 • ss 

A 3 = 0.5 • S 3 + 0.5 • S 4 

Note that |(a)T](si) = 1 and I{a)T](s 2 ) = 0. Then |[(o)T]](Z\i) = 0.2 • 
|(a)Tl(si) +0.8- |(a)T](s 2 ) = 0.2. Similarly, |[( 6 )T]](Z\i) = 0.8. It follows that 
|i/^](Z\i) = min(|[(a)T]](Z\i), |[( 6 )T]](Z\i)) = 0.2. With similar arguments, we 
see that |i/)](Z\ 2 ) = 0.2 and |^/>](Z\ 3 ) = 0.5. Therefore, we can calculate that 

M(s) = max(|'0](Z\i), |■^/' 1 (Z\ 2 )) = 0.2 
M{t) = maxdVjK/li), I 1 PKA 2 ), M(4\3)) = 0.5. 

So the difference between s and t with respect to p is ||©](s) — |©](t)| = 0.3. In 
fact we also have d]!],(s,t) = 0.3. 

□ 


Example 8 . At first sight the following two equations seem to be sound. 

|[(^] ©p 1(Z\) = |[(/j©p]l(A) and PiAi) = J 2 pi{lipj{Ai)) 

i i 


However, in general they do not hold, as witnessed by the counterexamples 
below. Let p = {b)T, ip = [p] Q 0.5 and the distribution Ai be the same as in 
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1.0 



1.0 



Figure 2: dlfj(s,i) = 0.3 


Example [T] Then we have 

![(/?] 0 0.5l(Z\i) = max(|[v3]](Z\i) - 0.5, 0) 

= max(0.2[[(6)T]l(^) + 0.8[[(6)T]1(^) - 0.5, 0) 

= max(0.2 • 0 + 0.8 • 1 — 0.5, 0) 

= 0.3 

[[(^ e 0.5]l(Z\i) = 0.2|(^ e 0.5l(si) + 0.8[(/p e 0.51(S2) 

= 0.2max(|(/?](si) — 0.5, 0) + 0.8 max(|(/?](s 2 ) — 0.5, 0) 

= 0.2max(0 — 0.5, 0) + 0.8max(l — 0.5, 0) 

= 0.4 

0.2M(^) + 0.8M(^) = 0.2IM 0 0.51 (^) + 0.8IM 0 0.5] (^) 

= 0.2max(|[i^]](^) - 0.5, 0) + 0.8max(|[(/j]](^) - 0.5, 0) 
= 0.2 max(0 — 0.5, 0) + 0.8 max(l — 0.5, 0) 

= 0.4 

So we see that |[<p] 0O.5](Z\i) ^ |[(/? 0 0.5]](Z\i) and |^/;](Z\i) ^ 0.2|?/)](^) + 

0-8M(^) □ 

In what follows we will show that the logic C. precisely captures the bisim¬ 
ilarity metric d^;,: the metric d^^j defined by state formulae coincides with dsj 
and the metric dll], defined by distribution formulae coincides with K{dsi,), the 
lifted form of d^f,. The two properties are entangled because state formulae and 
distribution formulae are not independent. 

Lemma 9. 1. d'A C dcf, 

dit 0 K{dsi) 



Proof. We show the two statements simultaneously by structural induction on 
formulae. For any two states s,t £ S and distributions Ai,A 2 £ I’(-S'), we prove 
that 


(1) IM(s) - M(t)| < dsbis,t) for all ip £ 

(2) \m{A,) - m{A 2 )\ < K{dsb){A,,A 2 ) for all if £ . 

We first analyze the structure of p in (1). 

— p = T. Then it is trivial to see that Hv^Ks) — |v?l(OI = |1~1| = 0 < dsb{s,t). 

— p = ^p'. Then \Ip}{s) - |v3l(t)| = IMW “ [‘/?l(s)l < where the 

inequality holds by induction. 

— p = p' Q p. There are four subcases and we consider one of them. Suppose 
b'l (s) > P and Iv?! (t) < p, then | |pl (s) - |p] (t) | = | {p'l (s) -p| < | [p'l (s) - 
IpKOI ^ dsb{s,t) by induction. 

~ p = Pi A p 2 . Without loss of generality we assume that |v?](s) > [pKO- 
There are two possibilities: 

• If biiw < then [pl(s)-[pl(t) < |pil(s)-|v3il(t) < dsbis,t), 

where the last inequality holds by induction. 

• Symmetrically, if lp 2 }{t) < [piKO, then |v3](s) - |p](t) < |v32l(s) - 
[P2l(i) < dsb{s,t). 

— p = {a)'fi. We consider the non-trivial case that both s and t can perform 

action a. (If either of the two states cannot perform action a, the expected 
result is straightforward.) Let Z\i be the distribution such that s Ap. 
and |(a)^](s) = Since dsf, is a state-based bisimulation metric, by 

definition there exists some Z \2 such that t Z \2 and iL(ds(,)(Z\i, Z\ 2 ) < 
dsb{s,t). Without loss of generality we assume that |pl(s) > IpKO- H fol" 
lows that 

Mis) - Iv3](t) 

= bPlMi) - max^^^,M(Z\') 

< M(^i) - W(^2) 

< iL(dsf,)(Z\i, Z\ 2 ) by induction on 

< d,bis,t) 

Then we analyze the structure of ^|) in (2). 

— if = tpi Aip 2 - Without loss of generality we assume that > |7/’](Z\2). 

There are two possibilities: 

• IfIV’il(^2) < |V’2l(2\2), then |■!M(2\l)-IV’l(^2) < |^/’il(2\i)-|V’il(^2) < 

iL(ds{,)(Z\i, Z\ 2 ), where the last inequality holds by induction. 

• Symmetrically, if |■i/' 2 l(^ 2 ) < M}{A 2 ), then M(^i) - W(^ 2 ) < 
IV’2l(2\i) - |■^2l(^2) < K{dsb)iAi, A 2 ). 

— ip = ip' Qp for some p in [0,1]. There are four subcases and we consider one of 

them. Suppose MlMi) > P and lip'lM 2 ) < P, then ||^/>](Z\i) - |7/>](Z\2)| = 
lIV’K^i) -Pl < - I^'l(^ 2 )| < K{dsb){Ai,A 2 ) by induction. 
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~ Ip = [ip] for some ip & . Without loss of generality we assume that |<p](s) > 

|(^](t). We infer that 

W(^i) - W(^2) 

= EuGs(^i(“) - ^2(m))M(m) 

< max{X;„gs(^i(u) - A2{u))xu \ Xu,Xu’ G [0,1] A a;„ - Xu' < it')} 

= K{dsb){Ai, A 2 ) 

where the last equality holds because of the Kantorovich-Rubinstein duality 
theorem [KRSSHvBWOlaj and the last inequality holds because for any states 
It,It' G S' we have |(^](it), |</5](it') G [0,1] and |Iv?l(u) - Iv?l(u')l < 6 .sb{u,u') 
by induction on p. 

□ 

Lemma 10. Jf(d[!),) C d*}} 

Proof. Let Ai , A 2 be any two distributions in . We show that 
K{d%){Ai,A 2 ) < sup lIV'K/ii) - M(^ 2 )|, 

using an idea inspired by [DJGPO^ . Let L{Ai, A 2 ) be the optimal value of the 
following linear program 

max^^gg(Z\i(s) — A 2 {s))xs, subject to 0 < < 1 

Vs,tGS: Xs - Xt < 

Suppose {fcsjsgs be a set of real numbers that maximizes the above linear 
program to reach L(Z\i, Z\ 2 ). Let e = minjl — kt \ kt < I and t € S} and e > 0 
be any positive real number smaller than e. Hence, if t G S and kt < 1 then 

kt + e < 1. (1) 

We construct some formula ip such that 


L{Ai,A2)-€ < |i/>l(Z\i) - |i/>l(Z\2). (2) 

For any s, t G S, we distinguish two cases: 

1. If kg > kt, then 0 < kg — kt < d*/f,(s,t). It is easy to see that there exists 
some formula pgt such that 


kg - kt < |v3stl(s) - [</5sil(t) + e- 


(3) 


or equivalently |v?stl(t) — |:/7stl(s) + kg < kt + e. We define a new formula 


r © (Iv^stKs) - fcs) if > fcs 

\ Pst © (kg - |v?stl(s)) otherwise. 


Let us compare p'gt with kt- 






10 


(a) If Iv3stl(s) > ks, then 

WstW) = max(|(/3stl(t) - I<Pstl(s) + k,,0) 

< max(fct + e, 0) by ([3]) 

= kt + e 

(b) Otherwise, {(fi'stlit) = min(|(^st](t) + ks - [i^sil(s), 1). By dS]) we infer 
that |i^sil(t) + ks — |i^sil(s) < kt + e. Since kt < ks < 1 we infer by m 
that At + e < 1 and thus |‘t?stl(0 < h + e. 

In both (a) and (b) we have It/^stK^) < kt + e, and it is also easy to see that 

bJitKs) = ks- 

2. If ks < kt, then we simply set (p'^t to be the formula As in the last case, 
we have |<t3^J(s) = ks and IPstW) = ks < h < h + e. 

In summary, the above reasoning says that for any s,t G S we can construct 
a formula (p'^t such that litSstK®) = ks and < kt + e. Now let us define 

p's = AtesV’sf It is easy to see that |v?sl(s) = kg and < kt + e for 

all t € S. The latter implies max{|(/jy(t) | s, t G S'} < At + e. Then define 

p = Vsgs As- For all t G S, we have 

kt = WtKt) < M(t) = niax{|v5y(t) I s,t G Sj < At + e. 

Finally, we define ift = [i^]. It follows that 

- W(^2) = IMK^i) - [M1(^2) 

= Etes (t) • M (t) - EtGS ^2 (t)) • M (t) 

> T,tes W • kt - T,tes ' MW 

> Etes W • kt - T,tes • (At + e) 

= Etes(^i(t) - ^ 2 (t)) • kt - A 2 it) ■ e 

= L{Ai, A 2 ) — € 


as required. □ 

The above property will be used to prove the following lemma. 

Lemma 11. d^f, C d}}, 

Proof. We show that d}}, is a state-based bisimulation metric. Let s, t be any two 
states in S and e be any real number in the interval [0,1) with d(!}(s, t) < e. As¬ 
sume that s -E Ai is an arbitrarily chosen transition from s. Then state t must 
be able to perform action a too. Otherwise it is easy to see that d^Es, t) = 1 > e, 
which contradicts our assumption above. We need to show that there exists 
some transition t -E A 2 with A(dl,},)(Ai, A 2 ) < e. Suppose for a contradic¬ 
tion that no a-transition from t satisfies this condition. In other words, for each 
A 2 with t -E A 2 we have A(dl,},)(Ai, A|) > e. By Lemma ITOl this means 
d}'^(Ai,A 2 ) > e. Then there must exist some formula ^ such that 
IMl(Ai) - Ml (Ay I > e. Furthermore, we can strengthen this condition to 
the following one 

Ml(Ai)-Ml(Ay >e 


( 4 ) 
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because we can take the formula -i'02 in place of '!/'2 in the case that |'0y (Z\i) < 
IV'y (^ 2 ). Let ip = {a) © IV'^(^ 2 ))- We infer that 

M(s) = niax^^^IA, V'l © 

> IAi(V '2 © IV'y(^* 2 ))l(^i) 

= min^lA^ © [Ay (^2)1 (^1) 

= IA 2 © IA 2 l(^ 2 )l(^i) for some k 

= max([V^|l(^i)-IA2y(^2), 0) 

> e by (gl) 

On the other hand, we have 

MW = niax^^^JAjM © IA2l(^y)lMl) 

= max^^^, niin^M © 

= max^^^, minj max((Ml(/i|) - MK^D), 0) 

= 0 

It follows that d'A(s, t) > M('^) ~ M(^) > which gives rise to a contradiction. 

□ 

By combining the above three technical lemmas we obtain the following log¬ 
ical characterisation of the state-based bisimilairty metric. 

Theorem 12. d^;, = d'A and i4r(ds(,) = d'^^ □ 

Remark 13. In the proof of Lemma fTTl we have constructed the formula 

V5 = (a) /\(A 2 © Ml (M)) (5) 

i 

by making use of conjunction and minus connectives for distribution formulae. 
This happens because in the presence of non-determinism state t may perform 
action a and then evolves into one of successor distributions A\. If we confine 
ourselves to deterministic pLTSs, then state t will have a unique successor distri¬ 
bution Z \2 and therefore (g]) can be simplified as p = {a)Ay In this case, there is 
no need of conjunction and minus connectives for distribution formulae. Further¬ 
more, if we fold [p\ into state formulae in Definition [SI distribution formulae can 
be completely dropped. In other words, for deterministic pLTSs, the state-based 
bisimilarity metric can be characterised by the following metric logic 

p ::=T \^p\p Qp\ Pi ^P 2 \ {a)p (6) 

Therefore, for deterministic pLTSs, the two-sorted logic in Definition [5] degener¬ 
ates into the logic considered in |DGJP04llvBW05| . as expected. 

In jDAMRSOSIICDAMRlO] a bisimulation metric for game structures is char¬ 
acterised by a quantitative ^-calculus where formulae are valuated also on states 
and no distribution formula is needed. This is not surprising because games are 
deterministic: at any state s, if two players have chosen their moves, say ai and 
02, then there is a unique distribution (5(s, 01,02) to determine the probabilities 
of arriving at a set of destination states. 
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4 Distribution-Based Bisimulation Metric 

The bisimilarity metric given in Definition [5] measures the distance between 
two states. Alternatively, it is possible to directly define a metric that measures 
subdistributions. In order to do so, we first define a transition relation between 
subdistributions. 

Definition 14. We write A A' if A' = A{s) ■ Ag, where Ag is 

determined as follows: 

— either s Ag 

— or there is no 0 with s —> 0, and in this case we set Ag = e. 

Note that if A A' then some (not necessarily all) states in the support of A 
can perform action a. For example, consider the two states S 2 and S 3 in Figure[TJ 
Since S 2 sj and S 3 cannot perform action c, the distribution A = + ^ss 

can make the transition A to reach the subdistribution isj. 

Definition 15. A 1-bounded pseudometric d on 'C>{S) is a distribution-based 
bisimulation metric if \ \Ai\ — \A 2 \ \ < d{Ai,A 2 ) and for all Z\i, Z \2 G D(S') and 
€ G [0, 1 ) with d{Ai,A 2 ) < e, if Ai A'^ then there exists an A 2 A 2 with 
d{A[,A'2)<e. 

The smallest (wrt. C) distribution-based bisimulation metric, notation d^fi, 
is called distribution-based bisimilarity metric. Distribution-based bisimilarity 
|DFD15) is the kernel of the distribution-based bisimilarity metric. 

It is not difficult to see that dsj is different from d^;,, as witnessed by the 
following example. 

Example 16. Consider the states in Figured] We first observe that dd(,(^, H) = 
0 because S 2 and t^ can match each other’s action exactly. Similarly, we have 
ddb(^, ^ 4 ) = 0. Then it is easy to see that ddh(i^ -|- ^t^ -|- ^t 4 ) = 0. Since 

Si -I- and ifi -I- 1 ^ 2 , we infer that dd;,(^, ifi -|- ^t 2 ) = 0. It, in turn, 

implies d(i(,(s,t) = 0. We have already seen in Example [3| that dgb{s,t) = i. 
Therefore, the two distance functions dsj, and d^;, are indeed different. □ 

The rest of this section is devoted to a logical characterisation of d^;,. Con¬ 
sider the metric logic whose formulae are defined below 

ijj ■.:= T \ \ Ip Qp \ fji A iIj 2 \ {a)ip (7) 

This logic is the same as that defined in (jb]) except that now we only have 
distribution formulae. We will show that this logic can capture the distribution- 
based bisimilarity metric. 

Definition 17. A formula ip G C^* evaluates in A & D(5') as follows: 
lTjiA) = \A\, 




h^K^) = 1 - MW, 

lipe pHA) = maxiMW -p, 0), 
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MaMW) = min(|V'il(Z\), MlWj), 

[(a)V'l(^) = max MiA'), 

A-^A' 

This induces a natural logical metric d'^j, over subdistributions defined by 

= sup IMiA) - M(0)| 

It turns out that d'^j, coincides with dd^. We split the proof of this coincidence 
result into two parts, to show that one metric is dominated by the other and 
vice versa. 

Lemma 18. d'^f^ Cl ddb 

Proof. Similar to the proof of Lemma |9l We proceed by structural induction on 
formulae. For any two subdistributions Z\i, A 2 S PiS), we prove that 

\MiAi) - MiA2)\ < ddb{Ai,A2) 

for all if G W*. 

We first analyze the structure of if. 

— ip = T. Then it is trivial to see that — |^/’](Z\ 2 )| = | \Ai\ — \A 2 \ \ < 

ddb{Ai, A 2 ). 

— if = -,if'. Then ||V’l(-4i) - If/'1(^2)| = |I'!/''1(^2) - IV-'K^i)! < ddf,(Z\i, Z\ 2 ) 
where the inequality holds by induction. 

— if = if' Q p. There are four subcases and we consider one of them. Suppose 
MliAi) >pand lif'l{A 2 ) < p, then ||?/'l(Z\i)-I?/’l(^ 2 )| = \lif'l{Ai)-p\ < 
IIV’KZii) - |V’'1(242)| < ddbiAi,A 2 ) by induction. 

— if = ifi Aif 2 . Without loss of generality we assume that |^](Z\i) > |'!/'1(^2)- 
There are two possibilities: 

• lilifil{A2) < I?/'2l(^2),then|V'l(/\i)-W(^2) < [V'il(^i)-[V’il(^2) < 
ddb(,Ai, A 2 ), where the last inequality holds by induction. 

• Symmetrically, if |V' 2 l(^ 2 ) < I'i/'il(^ 2 ), then MiAi) - IV’1(^2) < 
I'02l(^l) - IV'2l(^2) < Adb{Ai, Z\2). 

— if = {a)if'. Let A'l be the distribution such that Ai W A'^ and |(a)'!/'l(^i) = 

Since d^fi is a distribution-based bisimulation metric, by definition 
there exists some A '2 such that Z \2 W A '2 and ddbiA'^, A' 2 ) < dd;,(Z\i, Z\ 2 ). 
Without loss of generality we assume that |^](Z\i) > |^](Z\ 2 ). It follows 
that 

W(^l) - W(^2) 

= [V>'l(Zli)-max^^^^„IV''l(^^') 

<lif'jiA',)-miA'2) 

< ddbiA'i, A' 2 ) by induction on if' 

< ddb{Ai, A2) 
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□ 


Lemma 19. d^;, C 

Proof. Similar to the proof of Lemma [TT] We show that d|fj, is a distribution- 
based bisimulation metric. Let Z\i, A 2 be any two subdistributions in P^S) and 
e be any real number in the interval [0,1) with d^^j(Z\i, A 2 ) < e. Assume that 
Ai Z\']^ is an arbitrarily chosen transition from Ai. We need to show that 
there exists some transition A 2 A'^ with d^^^ (Z\'^, Z\y < e. Suppose for a con¬ 
tradiction that no a-transition from A 2 satisfies this condition. In other words, 
for each A\ with A 2 A\ we have d^^i,{A'i, A 2 ) > Then there must exist 
some formula ^ such that ||^y(Z\ 2 ) — Furthermore, we 

can strengthen this condition to the following one 

m{A[) - ^ (8) 

because we can take the formula -^tp^ in place of '02 in the case that |0y (A^) < 
(^ 2 )- Let (f = (a) A*(V ’2 © We infer that 

M(^i) = 0 1011 (A|)](A) 

>IAAV’^©Kl(^D)l(^'i) 

= min, 101 © |0y(A^)l(Al) 

= IA 2 © [' 02 l(^ 2 )l(^i) for some k 
= max(|0fl(Ai) - |0fl(A§), 0) 

> e by dHI 

On the other hand, we have 

101 (A 2 ) = max^^^^JAA02 © I0^1(A^))1(A|) 

= © IAy(^2)l(^2) 

= max » minj max((|0^1(A|) - |0^1(A^)), 0) 

= 0 

It follows that dlj5,(Ai,A2) > |01(Ai) — |01(A2) > e, which gives rise to a 
contradiction. □ 

By combining the previous two lemmas, we arrive at the following logical 
characterisation of the distribution-based bisimulation metric. 

Theorem 20. d^;, = d|j*f, □ 

5 Related work 


Metrics for probabilistic transition systems are first suggested by Giacalone et 
al. to formalize a notion of distance between processes. They are used also in 
|KN96irNor97) to give denotational semantics for reactive models. De Vink and 
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Rutten [dVR.99) show that discrete probabilistic transition systems can be viewed 
as coalgebras. They consider the category of complete ultrametric spaces. Similar 
ultrametric spaces are considered by den Hartog in [dHn2) . 

Metrics for deterministic systems are extensively studied. Desharnais et al. 
[DG.TP04] propose a logical pseudometric for labelled Markov chains, which is 
a reactive model of probabilistic systems. A similar pseudometric is defined by 
van Breugel and Worrell [vBWOlb] via the terminal coalgebra of a functor based 
on a metric on the space of Borel probability measures. The metric of [DGJPOdl 
lvBW05| works for continuous probabilistic transition systems, while in this 
work we concentrate on discrete systems. Interestingly, van Breugel and Worrell 
[vBWOl^ also present a polynomial-time algorithm to approximate their coalge- 
braic distances. Furthermore, van Breugel et al. propose an algorithm to approxi¬ 
mate a behavioural pseudometric without discount |vBSW08] . In |FPP11| a sam¬ 
pling algorithm for calculating bisimulation distances in Markov decision pro¬ 
cesses is shown to have good performance. In [DAMRS07IIDAMRS08| the proba¬ 
bilistic bisimulation metric on game structures is characterised by a quantitative 
/r-caluclus. Algorithms for game metrics are proposed in [GDAMRlOllRamlOj . 

Metrics for nondeterministic probabilistic systems are considered in [DJGP02] , 
where Desharnais et al. deal with labelled concurrent Markov chains (similar 
to pLTSs, this model can be captured by the simple probabilistic automata 
of |Seg95| ). They show that the greatest fixed point of a monotonic function on 
pseudometrics corresponds to the weak probabilistic bisimilarity of [PLSOO] . 

In [SDC07| a notion of trace metric is proposed for pLTSs and a tool is 
developed to compute the trace metric. In [DCPP06] a notion of bisimulation 
metric is proposed that extends the approach of [D,IGP02llDG,IPd4] to a more 
general framework called action-labelled quantitative transition systems. 

In [DAFS09] de Alfaro et al. consider metric transition systems in which the 
propositions at each state are interpreted as elements of metric spaces. In that 
setting, trace equivalence and bisimulation give rise to linear and branching dis¬ 
tances that can be characterised by quantitative versions of linear-time temporal 
logic |MP9I] and /r-calculus [Koz83) . 

In [Yin02| Ying proposes a notion of bisimulation index for the usual labelled 
transition systems, by using ultrametrics on actions instead of using pseudomet¬ 
rics on states. He applies bisimulation indexes on timed CCS and real time ACP. 
But the deeper connection between [Yin02] and our work worths some further 
studies. 

In [GLTlSj a notion of uniform continuity is proposed to be an appropriate 
property of probabilistic processes for compositional reasoning with respect to 
bisimulation metric semantics. 

6 Concluding remarks 

We have considered two behavioural pseudometrics for probabilistic labelled 
transition systems where nondeterminism and probabilities co-exist. They cor¬ 
respond to state-based and distribution-based bisimulations. Our modal charac- 
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terisation of the state-based bisimulation metric is much simpler than an earlier 
proposal by Desharnais et al. since we only use two non-expansive operators, 
negation and testing, rather than the general class of non-expansive operators. 
Our modal characterisaton of the distribution-based bisimulation metric is new. 
The characterisations are shown to be sound and complete. 

In the current work we have not distinguished internal actions from external 
ones. But it is not difficult to make the distinction and abstract away internal 
actions so as to introduce weak versions of bisimulation metrics. In a finite-state 
and hnitely branching pLTS, the subdistributions reachable from a state by weak 
transitions is infinite but can be represented by the convex closure of a finite 
set [Deni 5) . This entails that the logical characterisation of weak bisimulation 
metrics would be similar to those presented here. 
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A Convex Bisimulation Metric 

For n C V{S) we denote by cc{n) the convex closure of Il.li A G cc{der{s, a)) 
then we say Z\ is a combined transition of s labelled by a, written as s -%c 

Definition 21 (Convex bisimulation metric). A 1-bounded metric d on S 
is a convex bisimulation metric if for all s,t G S and e G [0,1) with d{s,t) < e, 
if s A then there exists a A' G cc{der{t, a)) such that K{d){A, A') < e. 

The smallest (wrt. C) convex bisimulation metric, denoted by is called con¬ 
vex hisimilarity metric. Convex bisimilarity equivalence (also called probablistic 
bisimilarity) |Seg95| is the kernel of the convex bisimilarity metric. 

Let us define the functor Feb '■ [0,1]'®^'® [0, for d: ^ x S' —>■ [0,1] and 

s, t S S by 

Pcb{d){s, f) = smp{H{K{d)){cc{der{s, a)), cc{der(t, a)))} . 

a^A 

It can be shown that Feb is monotone and its least fixed point is the convex 
bisimilarity metric. 

Given a pLTS, we can saturate it with all possible combined transitions. 
In the saturated pLTS, convex bisimulation metric coincides with state-based 
bisimulation metric because of the following lemma. 

Lemma 22. d is a convex bisimulation metric if and only if for all s,t G S and 
e G [0,1) with d{s,t) < e, if s —>e A then there exists some t —>e A' such that 
K{d){A,A') < e. 

Proof. The “if” direction is trivial. The “only if” direction can be shown by 
making use of the following inequality: 

K{d)C^Pi ■ < '^Pz ■ K{d){A,,A'f) 

i&I iGl i€l 

for any pseudometric d. This holds because 

K{d){T,ieiP^ ■ 

= max{X;„gs((E*e7P* ' A)(u) - (J2i&IP^ ’ ^i)iu))xu \ 

Xu, Xu' G [0, I] A Xu - Xu’ < d(u, m')} 

= max{X;„gs Y^idiPi • (A(m) - A[{u))xu \ x„, xw G [0,1] A - xw < d{u, u')} 
= max{X;ig 7 PiI]„g 5 (A(M) - ^i('“))^« \^u, Xu' G [0,1]Ax„-x„/ <d{u,u')} 

^ J2ieiPi • niax{X;u6s(A(w) - A'^iu))xu \ x„, xw G [0,1] A x^ - xw < d{u,u')} 
= j:.^iP^-K{d){A,Af) 

□ 

Consequently, a simple logical characterisation of convex bisimulation metric 
can be obtained by extending the logic in Section ?? with infinitary conjunc¬ 
tions and by interpreting the diamand modality with combined transitions, i.e. 
|(a)^](s) = max » |'(/'](/\). Write for the metric induced by this ex- 

tended logic. 

Theorem 23. dci, = d*^^ □ 
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B Trace Metric 

In this section we present a notion of trace metric that enjoys a straightforward 
logical characterisation. 


B.l Trace Metric 


A trace tr is a string in the set A*. We write e for the empty trace, and tri ■ tr 2 
for the concatenation of two traces tri and tr 2 . Given a finitely branching pLTS, 
the maximum probability that state s can perform trace tr is defined as follows. 


Pr{s, tr) 


J 1 ii tr = e 

1^ max^ ^^0 if tr = a • tr' 


Definition 24. For any two states s,t € S, the trace distance between them is 
given as follows: 


dt{s,t) = sup \Pr{s,tf’) — Pr{t,tr)\ 

trGA* 

Intuitively, the trace distance between s and t is the maximal difference between 
the maximum probabilities given by s and t to a same trace. 

B.2 Logical Characterizations 

Let be the set of formulae produced by the following grammar. 

(/?::= T I (a)v3 

A formula evaluates in a state s as follows: 

ri(s) = i 

|(a)(/?l(s) = Etes ' MW 

This logic induces a natural metric d*. 

d\{s,t) = sup |M(s)-MWI 

Theorem 25. dj = d^ 

Proof. It is easy to see that there is a bijection / between A* and . 

/(e) = T 

f{a ■ tr) = {a)f{tr) 


For any state s and trace tr, we can show that Pr{s, tr) = |/(tr)] (s) by induction 
on the length of tr. The required result now easily follows. □ 



